Determine PPS Objectives Design PPS Physical Protection Systems
Detection Delay Response
Response Force Access
Delay Exterior Sensors
Interior Sensors
EASI Model Adversary Sequence Diagrams Computer Models Risk Assessment Response Force
Communications Alarm Assessment
Alarm
Communication & Display Entry Control
Analyze PPS Design
Analysis/Evaluation
Final PPS Design
Redesign PPS Facility
Characterization Threat Definition
Target Identification
Alarm communication and display (AC&D) is that part of a PPS that transports alarm and assessment information to a central point and presents the information to a human operator. New developments in electronics, computer, and network tech-nology have changed the design of alarm communication and display systems over time. It is now possible to quickly collect and process a wide variety of information;
the challenge is to effectively present this information in order to enable decisions about what actions are needed. Equip-ment and techniques that are available for reporting alarms to an operator are described in this chapter. Because many AC&D systems also integrate the functions of intrusion detection systems and entry control, some information is also provided for use when considering these functions.
As AC&D systems become more network-based, the complexity of designing, procuring, operating, and
maintaining them will also increase. As a result, this chapter is only a brief overview of the elements that comprise an effective AC&D system. The speed of technology development far outpaces the revision cycle of books like this one, which is one reason why this chapter only describes the system at a high level. Another reason is that, to be truly thorough, another whole book could be written, and that is not our goal. To help address the complexities of network-based AC&D system characterization, a survey tool that begins to characterize the security aspects of an enterprise network is provided in Appendix B.
The two critical elements of an AC&D system are:
1. the transportation or communication of data
2. the presentation or display of that data to a human operator in a mean-ingful manner
161
Evolution of Alarm Reporting Systems
In general, security alarm systems use simple contact closures, such as magnetic switches mounted on doors, to detect an intrusion. Early systems communicated this information using annunciator panels, which had a set of colored lights for each sensor to indicate the alarm status in security zones. Typically, red lights were used to signal sensor detection, yellow to indicate the zone was in access (alarms disabled), and green to show the secure operational state. On an alarm, the oper-ator would manually correlate the alarm to a specific area, then switch the appro-priate camera (if present) to a monitor, and determine the proper response. If no CCTV cameras were available, a guard was dispatched to the area to investi-gate the cause of the alarm. This system, though time consuming, did have some advantages: the simple electrical compo-nents were well understood; there was a direct correlation between the lights and a specific sensor; and the system was easy to maintain.
Annunciator panels also have several limitations. Cost can be very high because separate circuitry is used for each zone;
a large amount of physical space may be needed for a panel that monitors a large number of zones; and the indicator lights can display only a limited amount of information.
As more sophisticated technology became affordable, alarm communication systems were developed to transmit multiple alarm signals simultaneously, incorporate computer control, and add video capability through CCTV integra-tion. Each of these subsystems offered improvements, but when installed as independent units created a system that was difficult to operate and learn to use.
They also put a heavy load on human operators in crisis situations. Modern systems integrate technology compo-nents into a coordinated and effective
system. When combined with appropriate procedures, and trained people, these systems represent the best method to collect, assess, and respond to security events at a facility.
AC&D Attributes
The most useful AC&D systems have specific characteristics. Systems must be designed to withstand the environments in which they are placed. If a component will experience wide temperature vari-ations, such as in an exterior environ-ment, the equipment must be designed to withstand those variations without failing.
Robustness and availability are measures of system performance in all probable environments.
AC&D components and systems should be designed to last a long time. The indi-vidual components should be reliable and have a long mean time between failure (MTBF). A reliable system requires less maintenance and is more trusted by oper-ators. Other aspects of reliability include reliable communication and display of alarm data, and no loss of information.
No communications system has 100%
guaranteed information delivery; however, modern communications equipment can approach that goal by implementing tech-niques for checking and verifying data and reporting disabled communication links.
Electronic components will eventually fail. Good AC&D systems take this chance of failure into account and provide redun-dant or backup capability for critical components. By maximizing the robust-ness, reliability, and redundancy of AC&D systems, the time the system is inoper-able or down for repair can be minimized, thereby maximizing its availability.
Alarm information must be available to security personnel in a timely manner. The AC&D system speed should be a small frac-tion of the overall alarm assessment and response force time. These times will vary from site to site, but AC&D speed should be
Alarm Communication and Display 163
a negligible factor in calculating response or assessment times.
The AC&D system is a major compo-nent in the overall PPS. Because the PPS protects the site’s critical assets, it follows that the AC&D system must also be secure from attacks by adversaries. For example, procedures should limit who has access to AC&D displays and the system configuration, and only authorized persons should have access to AC&D infor-mation, components, and wiring. As part of this protection, the alarm communica-tion infrastructure should also be secured from access by attackers.
AC&D systems must be easy for an operator to use. While a multitude of sensors can provide considerable data, this data must be displayed in a fashion that presents the essential information to the operator. In addition, the user must not be overwhelmed with data, interaction with the system must be efficient, and users must be able to perform necessary oper-ations quickly and easily. A system that is easy to use also reduces the amount of training and retraining needed.
Each of these general characteristics plays a part in the overall effectiveness of an AC&D system, but the single most important measure of AC&D effective-ness is how well it quickly and clearly communicates alarm data from sensors to the system operator. When an alarm event occurs, the AC&D system must communicate to the operator the following information:
• where an alarm has occurred;
• what or who caused the alarm (assess-ment data); and
• when the alarm happened.
The operator should also know how to respond. This can be accomplished through training and AC&D system prompts.
Moreover, all AC&D activity must occur in a timely fashion, so AC&D system speed is a measure of its effectiveness.
The difficulty with this effectiveness measure is its relationship to the response time of a human operator. Measuring oper-ator response is a very difficult process.
Electronic communications systems, on the other hand, are quantifiable. This dual character of AC&D systems makes measuring system effectiveness more complex. Communications systems can be understood, network topologies modeled, and system times measured. When people are involved, however, softer sciences such as ergonomics, human factors engineering, and physiology studies are also needed.
The AC&D system is divided into several subsystems: communications, line super-vision and security, information handling, control and display, assessment, and off-line subsystems. These are discussed in detail below.
Alarm Communication Subsystem The communications subsystem transfers data from one physical location to another.
Specifically, an AC&D communications subsystem moves data from the collec-tion point (sensors) to a central repository (display). If the central repository consists of multiple computers or displays, then the communication subsystem may also move data throughout the repository.
The basic concepts of AC&D commu-nications incorporate a design model, detailed system functions and how they relate to the other AC&D requirements, size of the system and the topologies used, and the combination (in hierarchies) of simple system configurations. Alarm communica-tion systems have several characteristics that drive the design. These characteristics include the quantity of alarm data, need for high reliability, and speed at which data must be delivered. The following discussion details each of these system characteristics and describes the role of these characteristics in system design.
If a sensor activates, the alarm commu-nications system must assure that accurate
data pertaining to this activation is received by the AC&D computers. Assured message delivery means the communica-tion system must be reliable. In addicommunica-tion, alarm data must be transmitted in a timely manner. Both human-factor considerations and interactions between the AC&D and assessment systems drive alarm-reporting speeds.
Human factors require alarms to be reported with no perceptible delay. For a human operator, no perceptible delay is a few tenths of a second. Interactions between the AC&D and the assessment system require reporting times to be a small fraction of the total assessment time. Although total assessment times can vary widely, AC&D and assessment system interaction should only take millisec-onds. Such reporting speeds require fast alarm communications since communica-tions times are only a part of the total alarm reporting time.
Other factors are also important when designing an effective alarm communi-cation system. Physical media must have sufficient bandwidth to handle the communications for the system when oper-ating at full capacity. Communication protocols, which are the special set of rules for communication, are important consid-erations in a system design. System speed dictates the types of protocols used in the system and protocol overhead must be appropriate for the types of data being transmitted. In addition, channel band-width and protocol overhead must be balanced to provide the required system speed.
The best possible communications system would provide instant communica-tions with 100% first-time message trans-mission reliability. In reality, it is not possible to meet this standard. Moreover, high-speed, high-reliability (redundant) systems are expensive. A good commu-nications subsystem design balances the cost of the system with its performance.
Depending on the design, a range of
protocols can be used to balance speed, reliability, and cost.
To ensure that messages reach the oper-ators in the highest security or most complex systems, redundant hardware is required to handle cases of hardware failure, and the system must be able to automatically route messages through the redundant hardware as required. In addi-tion, the protocols used should detect and correct message errors and dupli-cate messages. The Open Source Intercon-nection (OSI) Reference Model describes one way to think about communications systems by dividing system functionality into seven groups known as layers. From lowest to highest, these layers are phys-ical, link, network, transport, session, presentation, and application. For AC&D systems, interest focuses on those OSI layers that provide robustness, redun-dancy, and speed. The layers of interest are those at the lowest level—the physical, link, and network layers. These layers are described in Table 9.1.
Table 9.1 OSI Model Layers as Applied to AC&D Systems.
Physical Layer
The physical layer provides mechanical, electrical, functional, and procedural methods used to transmit information from one place to another. It deals with the media (wire, fiber, etc.) and functional topology (star, bus, point-to-point) characteristics of a communications channel
Link Layer
The data link layer provides protocol delimiters and framing information. This layer also performs basic error-checking Network
Layer
The network layer provides addressing, sequencing, flow-control, receipt/
acknowledgment, and error-handling services. The network layer takes higher-level data and packages it for transmission
Alarm Communication and Display 165
Physical Layer
The physical layer describes the electrical and mechanical aspects of a communica-tions channel. It also describes the func-tional and procedural methods used by a channel. It includes the type of communi-cation media, such as wire or fiber cables, network architectures, such as loops, stars, or buses, and low-level protocols such as EIA-422 (Electronic Industries Associa-tion) or direct current line supervision.
Communication media types relate to the physical characteristics of materials used to build a link. Common media types used to move data from one physical spot to another are twisted-pair copper wire, broadband copper wire, fiber-optic cable, and RF communications links.
Twisted-pair copper cable is the most common media type in use today. This cable supports many different electrical protocols and is easy to install and main-tain. Its long history of use in telephone circuits makes twisted pair almost ubiq-uitous. Twisted-pair cables provide two wires (a pair) for a communications link.
Twisted pair’s weakness is its suscep-tibility to electromagnetic interference.
Lightning, power surges, and common mode signals are all easily coupled into a twisted-pair link. Twisted pair also has distance and bandwidth limitations. High bandwidth signals can be transmitted reli-ably over only relatively short distances.
Therefore, twisted-pair cables are best used for paths of less than 0.6 miles in length.
Broadband cables are similar to twisted pair. Both cable types use copper wire, and the cable provides two conductors to implement the communications link.
The difference is in the physical layout of the cables. Broadband cables take advan-tage of the special electrical characteristics of various wire configurations to improve the cable parameters, thereby increasing distance. Some twisted-pair cable can be broadband if the number of twists in the wire is constant over the entire length of the cable.
The most common broadband cables are coaxial cables. Coaxial cables are typi-cally used to transmit video or high-speed network data. As with twisted pair cable, coaxial cable is susceptible to electromag-netic interference sources such as power surges and lightning and can support many different types of electrical proto-cols. Coaxial cable, because of its special physical configuration, is more expensive than twisted-pair cable. Broadband cables are best used for paths of fewer than 1.2 miles in length.
Fiber-optic cables use glass or plastic fibers to transmit data using light. Fiber cables are a very high-bandwidth media.
Properly installed, fiber is robust and reli-able. Other advantages of fiber include its immunity to electromagnetic interfer-ence of all types and its long transmission distance characteristics. Multimode fiber can operate over distances of 1.2 miles or more. Special single-mode fibers can extend that distance as much as 12 miles.
Fiber is more expensive and more diffi-cult to connect than copper wire cables.
Special tools and training are required to properly connect fiber systems. Because fiber cable does not use electricity, it is not well suited for slow or low bandwidth signals. In addition, fiber is excellent for transmitting fast digital data, but it is not well suited for analog signals.
RF (radio frequency) links use radio transmitters and receivers to send data.
The media is actually the electromagnetic signal that passes between a transmitter and receiver. RF links are not typically used in AC&D communications because of their poor security characteristics.
Network Architecture
Network architectures describe how comp-onents of a system are interconnected. The most cost-effective method of connection for a given installation often depends on the layout of the sensors. These connec-tions, or wiring configuraconnec-tions, can be point-to-point, star, loop, bus, rings, or a combination of these configurations.
The simplest wiring configuration is point-to-point—devices are connected directly to one another. An example of this connection type is shown in Figure 9.1.
Point-to-point connections are used as the basis for other architectures. The simplicity of a point-to-point connection makes it easy to use.
The star architecture, shown in Figure 9.2, uses a collection of point-to-point connec-tions to wire multiple devices back to a single central point. Star networks are commonly used to bring sensor data back to a field panel. Star networks are easy to understand and use, but they are not redun-dant. This approach can be cost-effective for layouts in which the alarm display system is centrally located among a group of sensors.
The star method of transmission is char-acterized by the use of a separate wire pair between each sensor and the alarm display system. Each wire pair is indepen-dent, and there are many physical routes into the alarm display system. This can be an advantage because then a single-point failure only disables part of the system. The disadvantages are that there may be exces-sive cabling and that expansion sometimes requires putting multiple sensors on one input line because there is no room left for adding more cables.
Figure 9.1 Point-to-Point Wiring Connec-tions
Figure 9.2 Star Wiring Architecture
Loops use point-to-point connections to chain devices together. Figure 9.3 shows a typical loop configuration. Loops start and end at the same physical location.
Loops are more efficient users of media than star networks. Loops can also have redundancy if each point-to-point connec-tion is bi-direcconnec-tional. Special physical layer functions must handle the forwarding of message traffic around the loop.
Devices in a bus network share the same common media. Like loops, bus architec-tures are efficient users of media. Because devices share the media, the protocol must arbitrate which device is actively commu-nicating at a given time. However, the bus network is not as reliable as other networks.
A single device failure can cause all commu-nications to cease. Also, bus networks are not implicitly redundant. A bus network connection is shown in Figure 9.4.
A ring is a special case of the bus network topology, as shown in Figure 9.5. Rings, like buses, share the same physical media.
Rings, however, connect devices together in a circle rather than a line. A ring is a
Figure 9.3 Loop Wiring Configuration
Figure 9.4 Bus Wiring Configuration
Alarm Communication and Display 167
Figure 9.5 Ring Wiring Configuration
special bus with redundant features. Rings also share the reliability features of bus networks. Ring networks are not as reli-able as loop or star configurations because, like rings, a single device failure can cause communications to cease.
The basic network building blocks can be combined to form more complex networks.
Hierarchical networks combine one or
Hierarchical networks combine one or